Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

ABAP HTTP(S) Client: HTTPS with server containing self-signed certificate

Hi experts,

I want to communicate using CL_HTTP_CLIENT (ABAP Stack in WebAS) over HTTPS with a server containing <u>self-signed</u> certificate. (In some more details, I wanna go through form-based authentication in this way)

What I already have done is

1. Client Identity (MAIL) in STRUST with the certificate of the target server

2. the small demo instantiating HTTP client in this way

cl_http_client=>create_by_url( exporting url = lf_url ssl_id = 'MAIL'

importing client = http_client ).

Unfortunately, the request doesn't leave the server and in ICM trace I can see that the reason is that the target certificate is not verified:

[Thr 3476] ERROR in ssl3_get_server_certificate: (9/0x0009) the verification of the server's certificate chain failed #

ERROR in af_verify_Certificates: (27/0x001b) Chain of certificates is incomplete : "CN=ISVPMAIL"#

ERROR in get_path: (27/0x001b) Found root certificate of <CN=ISVPMAIL> which does not fit the given PKRoot #

ERROR in verify_with_PKs: (27/0x001b) Found root certificate of <CN=ISVPMAIL> which does not fit the given PKRoot #

Can I anyhow specify in STRUST that the certificate is self-signed, or is it possible to add this certificate to the list of root certificates on WebAS?

Thanks

Andrey

Former Member
replied

Hi Andrey,

do you know <a href="https://service.sap.com/sap/support/notes/1094342">SAP Note 1094342</a>, already?

Advice: ensure that you are using the "SSL client certificate 'ANONYM" (not "DFAULT") since you only intend to use SSL for encrypted data transmission (but not for SSO based on client certificates).

Cheers, Wolfgang

0 View this answer in context
Not what you were looking for? View more on this topic or Ask a question